svn commit: r344564 - in head: contrib/bearssl contrib/bearssl/tools lib/libbearssl
Simon J. Gerraty
sjg at FreeBSD.org
Tue Feb 26 05:59:25 UTC 2019
Author: sjg
Date: Tue Feb 26 05:59:22 2019
New Revision: 344564
URL: https://svnweb.freebsd.org/changeset/base/344564
Log:
Add libbearssl
Disabled by default, used by loader and sbin/veriexec
Reviewed by: emaste
Sponsored by: Juniper Networks
Differential Revision: D16334
Added:
head/contrib/bearssl/
- copied from r343285, vendor/bearssl/dist/
head/lib/libbearssl/
head/lib/libbearssl/Makefile (contents, props changed)
head/lib/libbearssl/Makefile.depend (contents, props changed)
head/lib/libbearssl/Makefile.inc (contents, props changed)
head/lib/libbearssl/Makefile.libsa.inc (contents, props changed)
Modified:
head/contrib/bearssl/tools/brssl.h
head/contrib/bearssl/tools/xmem.c
Modified: head/contrib/bearssl/tools/brssl.h
==============================================================================
--- vendor/bearssl/dist/tools/brssl.h Mon Jan 21 20:58:33 2019 (r343285)
+++ head/contrib/bearssl/tools/brssl.h Tue Feb 26 05:59:22 2019 (r344564)
@@ -25,10 +25,15 @@
#ifndef BRSSL_H__
#define BRSSL_H__
+#ifndef _STANDALONE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
+
+#elif !defined(STAND_H)
+#include <stand.h>
+#endif
#include "bearssl.h"
Modified: head/contrib/bearssl/tools/xmem.c
==============================================================================
--- vendor/bearssl/dist/tools/xmem.c Mon Jan 21 20:58:33 2019 (r343285)
+++ head/contrib/bearssl/tools/xmem.c Tue Feb 26 05:59:22 2019 (r344564)
@@ -35,9 +35,13 @@ xmalloc(size_t len)
}
buf = malloc(len);
if (buf == NULL) {
+#ifndef _STANDALONE
fprintf(stderr, "ERROR: could not allocate %lu byte(s)\n",
(unsigned long)len);
exit(EXIT_FAILURE);
+#else
+;
+#endif
}
return buf;
}
@@ -90,9 +94,13 @@ xpkeydup(const br_x509_pkey *pk)
pk2->key.ec.qlen = pk->key.ec.qlen;
break;
default:
+#ifndef _STANDALONE
fprintf(stderr, "Unknown public key type: %u\n",
(unsigned)pk->key_type);
exit(EXIT_FAILURE);
+#else
+;
+#endif
}
return pk2;
}
@@ -111,9 +119,13 @@ xfreepkey(br_x509_pkey *pk)
xfree(pk->key.ec.q);
break;
default:
+#ifndef _STANDALONE
fprintf(stderr, "Unknown public key type: %u\n",
(unsigned)pk->key_type);
exit(EXIT_FAILURE);
+#else
+;
+#endif
}
xfree(pk);
}
Added: head/lib/libbearssl/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/lib/libbearssl/Makefile Tue Feb 26 05:59:22 2019 (r344564)
@@ -0,0 +1,277 @@
+# $FreeBSD$
+
+# This is a reach over build of BearSSL (www.BearSSL.org)
+
+.include <src.opts.mk>
+
+LIB= bearssl
+
+# pick up SRCS used by libsa
+.include "Makefile.libsa.inc"
+
+SRCS+= \
+ codec/dec16be.c \
+ codec/dec16le.c \
+ codec/dec32le.c \
+ codec/dec64le.c \
+ codec/enc16be.c \
+ codec/enc16le.c \
+ codec/enc32le.c \
+ codec/enc64le.c \
+ codec/pemenc.c \
+ ec/ec_all_m15.c \
+ ec/ec_c25519_i15.c \
+ ec/ec_c25519_i31.c \
+ ec/ec_c25519_m15.c \
+ ec/ec_curve25519.c \
+ ec/ec_keygen.c \
+ ec/ec_p256_m15.c \
+ ec/ec_prime_i15.c \
+ ec/ecdsa_default_sign_asn1.c \
+ ec/ecdsa_default_sign_raw.c \
+ ec/ecdsa_default_vrfy_raw.c \
+ ec/ecdsa_i15_bits.c \
+ ec/ecdsa_i15_sign_asn1.c \
+ ec/ecdsa_i15_sign_raw.c \
+ ec/ecdsa_i15_vrfy_asn1.c \
+ ec/ecdsa_i15_vrfy_raw.c \
+ ec/ecdsa_i31_sign_asn1.c \
+ ec/ecdsa_i31_sign_raw.c \
+ ec/ecdsa_rta.c \
+ hash/dig_oid.c \
+ hash/dig_size.c \
+ hash/ghash_ctmul.c \
+ hash/ghash_ctmul32.c \
+ hash/ghash_ctmul64.c \
+ hash/ghash_pwr8.c \
+ hash/md5.c \
+ hash/md5sha1.c \
+
+
+# this one does not compile for amd64
+# we do not need it
+# hash/ghash_pclmul.c \
+
+SRCS+= \
+ int/i15_add.c \
+ int/i15_bitlen.c \
+ int/i15_decmod.c \
+ int/i15_decode.c \
+ int/i15_decred.c \
+ int/i15_encode.c \
+ int/i15_fmont.c \
+ int/i15_iszero.c \
+ int/i15_moddiv.c \
+ int/i15_modpow.c \
+ int/i15_modpow2.c \
+ int/i15_montmul.c \
+ int/i15_mulacc.c \
+ int/i15_muladd.c \
+ int/i15_ninv15.c \
+ int/i15_reduce.c \
+ int/i15_rshift.c \
+ int/i15_sub.c \
+ int/i15_tmont.c \
+ int/i31_decred.c \
+ int/i31_mulacc.c \
+ int/i31_reduce.c \
+ int/i32_add.c \
+ int/i32_bitlen.c \
+ int/i32_decmod.c \
+ int/i32_decode.c \
+ int/i32_decred.c \
+ int/i32_encode.c \
+ int/i32_fmont.c \
+ int/i32_iszero.c \
+ int/i32_modpow.c \
+ int/i32_montmul.c \
+ int/i32_mulacc.c \
+ int/i32_muladd.c \
+ int/i32_ninv32.c \
+ int/i32_reduce.c \
+ int/i32_sub.c \
+ int/i32_tmont.c \
+
+SRCS+= \
+ kdf/hkdf.c \
+ kdf/shake.c \
+
+SRCS+= \
+ rsa/rsa_default_keygen.c \
+ rsa/rsa_default_modulus.c \
+ rsa/rsa_default_pkcs1_sign.c \
+ rsa/rsa_default_priv.c \
+ rsa/rsa_default_privexp.c \
+ rsa/rsa_default_pss_sign.c \
+ rsa/rsa_default_pss_vrfy.c \
+ rsa/rsa_default_pub.c \
+ rsa/rsa_default_pubexp.c \
+ rsa/rsa_i15_keygen.c \
+ rsa/rsa_i15_modulus.c \
+ rsa/rsa_i15_pkcs1_sign.c \
+ rsa/rsa_i15_pkcs1_vrfy.c \
+ rsa/rsa_i15_priv.c \
+ rsa/rsa_i15_privexp.c \
+ rsa/rsa_i15_pss_sign.c \
+ rsa/rsa_i15_pss_vrfy.c \
+ rsa/rsa_i15_pub.c \
+ rsa/rsa_i15_pubexp.c \
+ rsa/rsa_i31_keygen.c \
+ rsa/rsa_i31_keygen_inner.c \
+ rsa/rsa_i31_modulus.c \
+ rsa/rsa_i31_pkcs1_sign.c \
+ rsa/rsa_i31_priv.c \
+ rsa/rsa_i31_privexp.c \
+ rsa/rsa_i31_pss_sign.c \
+ rsa/rsa_i31_pss_vrfy.c \
+ rsa/rsa_i31_pubexp.c \
+ rsa/rsa_i32_pkcs1_sign.c \
+ rsa/rsa_i32_pkcs1_vrfy.c \
+ rsa/rsa_i32_priv.c \
+ rsa/rsa_i32_pss_sign.c \
+ rsa/rsa_i32_pss_vrfy.c \
+ rsa/rsa_i32_pub.c \
+ rsa/rsa_i62_keygen.c \
+ rsa/rsa_i62_pkcs1_sign.c \
+ rsa/rsa_i62_priv.c \
+ rsa/rsa_i62_pss_sign.c \
+ rsa/rsa_i62_pss_vrfy.c \
+ rsa/rsa_pkcs1_sig_pad.c \
+ rsa/rsa_pss_sig_pad.c \
+ rsa/rsa_pss_sig_unpad.c \
+ rsa/rsa_ssl_decrypt.c \
+
+SRCS+= \
+ x509/encode_ec_pk8der.c \
+ x509/encode_ec_rawder.c \
+ x509/encode_rsa_pk8der.c \
+ x509/encode_rsa_rawder.c \
+ x509/skey_decoder.c \
+ x509/x509_knownkey.c \
+ x509/x509_minimal_full.c \
+
+INCS= \
+ inc/bearssl.h \
+ inc/bearssl_aead.h \
+ inc/bearssl_block.h \
+ inc/bearssl_ec.h \
+ inc/bearssl_hash.h \
+ inc/bearssl_hmac.h \
+ inc/bearssl_kdf.h \
+ inc/bearssl_pem.h \
+ inc/bearssl_prf.h \
+ inc/bearssl_rand.h \
+ inc/bearssl_rsa.h \
+ inc/bearssl_ssl.h \
+ inc/bearssl_x509.h \
+
+INCS:= ${INCS:S,^,${BEARSSL}/,}
+
+
+.if ${MK_BEARSSL_SSL:Uno} == "yes"
+SRCS+= \
+ mac/hmac.c \
+ mac/hmac_ct.c \
+ rand/hmac_drbg.c \
+ ssl/prf.c \
+ ssl/prf_md5sha1.c \
+ ssl/prf_sha256.c \
+ ssl/prf_sha384.c \
+ ssl/ssl_ccert_single_ec.c \
+ ssl/ssl_ccert_single_rsa.c \
+ ssl/ssl_client.c \
+ ssl/ssl_client_default_rsapub.c \
+ ssl/ssl_client_full.c \
+ ssl/ssl_engine.c \
+ ssl/ssl_engine_default_aescbc.c \
+ ssl/ssl_engine_default_aesccm.c \
+ ssl/ssl_engine_default_aesgcm.c \
+ ssl/ssl_engine_default_chapol.c \
+ ssl/ssl_engine_default_descbc.c \
+ ssl/ssl_engine_default_ec.c \
+ ssl/ssl_engine_default_ecdsa.c \
+ ssl/ssl_engine_default_rsavrfy.c \
+ ssl/ssl_hashes.c \
+ ssl/ssl_hs_client.c \
+ ssl/ssl_hs_server.c \
+ ssl/ssl_io.c \
+ ssl/ssl_lru.c \
+ ssl/ssl_rec_cbc.c \
+ ssl/ssl_rec_ccm.c \
+ ssl/ssl_rec_chapol.c \
+ ssl/ssl_rec_gcm.c \
+ ssl/ssl_scert_single_ec.c \
+ ssl/ssl_scert_single_rsa.c \
+ ssl/ssl_server.c \
+ ssl/ssl_server_full_ec.c \
+ ssl/ssl_server_full_rsa.c \
+ ssl/ssl_server_mine2c.c \
+ ssl/ssl_server_mine2g.c \
+ ssl/ssl_server_minf2c.c \
+ ssl/ssl_server_minf2g.c \
+ ssl/ssl_server_minr2g.c \
+ ssl/ssl_server_minu2g.c \
+ ssl/ssl_server_minv2g.c \
+
+SRCS+= \
+ symcipher/aes_big_cbcdec.c \
+ symcipher/aes_big_cbcenc.c \
+ symcipher/aes_big_ctr.c \
+ symcipher/aes_big_dec.c \
+ symcipher/aes_big_enc.c \
+ symcipher/aes_common.c \
+ symcipher/aes_ct.c \
+ symcipher/aes_ct64.c \
+ symcipher/aes_ct64_cbcdec.c \
+ symcipher/aes_ct64_cbcenc.c \
+ symcipher/aes_ct64_ctr.c \
+ symcipher/aes_ct64_dec.c \
+ symcipher/aes_ct64_enc.c \
+ symcipher/aes_ct_cbcdec.c \
+ symcipher/aes_ct_cbcenc.c \
+ symcipher/aes_ct_ctr.c \
+ symcipher/aes_ct_dec.c \
+ symcipher/aes_ct_enc.c \
+ symcipher/aes_pwr8.c \
+ symcipher/aes_pwr8_cbcdec.c \
+ symcipher/aes_pwr8_cbcenc.c \
+ symcipher/aes_pwr8_ctr.c \
+ symcipher/aes_pwr8_ctrcbc.c \
+ symcipher/aes_small_cbcdec.c \
+ symcipher/aes_small_cbcenc.c \
+ symcipher/aes_small_ctr.c \
+ symcipher/aes_small_dec.c \
+ symcipher/aes_small_enc.c \
+ symcipher/aes_x86ni.c \
+ symcipher/aes_x86ni_cbcdec.c \
+ symcipher/aes_x86ni_cbcenc.c \
+ symcipher/aes_x86ni_ctr.c \
+ symcipher/chacha20_ct.c \
+ symcipher/des_ct.c \
+ symcipher/des_ct_cbcdec.c \
+ symcipher/des_ct_cbcenc.c \
+ symcipher/des_support.c \
+ symcipher/des_tab.c \
+ symcipher/des_tab_cbcdec.c \
+ symcipher/des_tab_cbcenc.c \
+ symcipher/poly1305_ctmul.c \
+ symcipher/poly1305_ctmul32.c \
+ symcipher/poly1305_ctmulq.c \
+ symcipher/poly1305_i15.c \
+
+.endif
+
+.include <bsd.lib.mk>
+
+.if ${MACHINE} == "host"
+CWARNFLAGS+= -Wno-error
+.endif
+XCFLAGS.gcc.rsa_i62_keygen+= -Wno-error
+XCFLAGS.i15_moddiv+= -Wno-shadow
+XCFLAGS.i31_moddiv+= -Wno-shadow
+XCFLAGS.i62_modpow2+= -Wno-cast-align
+XCFLAGS.x509_minimal+= -Wno-cast-qual
+
+CFLAGS+= ${XCFLAGS.${.TARGET:T:R}:U} \
+ ${XCFLAGS.${COMPILER_TYPE}.${.TARGET:T:R}:U}
+
Added: head/lib/libbearssl/Makefile.depend
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/lib/libbearssl/Makefile.depend Tue Feb 26 05:59:22 2019 (r344564)
@@ -0,0 +1,17 @@
+# $FreeBSD$
+# Autogenerated - do NOT edit!
+
+DIRDEPS = \
+ gnu/lib/csu \
+ include \
+ include/xlocale \
+ lib/${CSU_DIR} \
+ lib/libc \
+ lib/libcompiler_rt \
+
+
+.include <dirdeps.mk>
+
+.if ${DEP_RELDIR} == ${_DEP_RELDIR}
+# local dependencies - needed for -jN in clean tree
+.endif
Added: head/lib/libbearssl/Makefile.inc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/lib/libbearssl/Makefile.inc Tue Feb 26 05:59:22 2019 (r344564)
@@ -0,0 +1,7 @@
+# $FreeBSD$
+
+BEARSSL?= ${SRCTOP}/contrib/bearssl
+BEARSSL_SRC= ${BEARSSL}/src
+
+CFLAGS+= -I${BEARSSL}/inc
+
Added: head/lib/libbearssl/Makefile.libsa.inc
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/lib/libbearssl/Makefile.libsa.inc Tue Feb 26 05:59:22 2019 (r344564)
@@ -0,0 +1,86 @@
+# $FreeBSD$
+
+# This file is included by libsa
+# It contains SRCS needed for loader
+
+.PATH: ${.PARSEDIR}
+
+.include "Makefile.inc"
+
+.PATH: ${BEARSSL_SRC}
+
+CFLAGS+= -I${BEARSSL_SRC}
+
+# we do not need/want nested objdirs
+OBJS_SRCS_FILTER = T R
+
+# we list only the srcs the loader(s) actually needs
+SRCS+= \
+ codec/ccopy.c \
+ codec/dec32be.c \
+ codec/dec64be.c \
+ codec/enc32be.c \
+ codec/enc64be.c \
+ codec/pemdec.c \
+
+SRCS+= \
+ ec/ec_all_m31.c \
+ ec/ec_c25519_m31.c \
+ ec/ec_c25519_m62.c \
+ ec/ec_c25519_m64.c \
+ ec/ec_default.c \
+ ec/ec_p256_m31.c \
+ ec/ec_p256_m62.c \
+ ec/ec_p256_m64.c \
+ ec/ec_prime_i31.c \
+ ec/ec_pubkey.c \
+ ec/ec_secp256r1.c \
+ ec/ec_secp384r1.c \
+ ec/ec_secp521r1.c \
+ ec/ecdsa_atr.c \
+ ec/ecdsa_default_vrfy_asn1.c \
+ ec/ecdsa_i31_bits.c \
+ ec/ecdsa_i31_vrfy_asn1.c \
+ ec/ecdsa_i31_vrfy_raw.c \
+
+# Note: sha1 is needed for OpenPGP (keyId)
+SRCS+= \
+ hash/multihash.c \
+ hash/sha1.c \
+ hash/sha2big.c \
+ hash/sha2small.c \
+
+SRCS+= \
+ int/i31_add.c \
+ int/i31_bitlen.c \
+ int/i31_decmod.c \
+ int/i31_decode.c \
+ int/i31_encode.c \
+ int/i31_fmont.c \
+ int/i31_iszero.c \
+ int/i31_moddiv.c \
+ int/i31_modpow.c \
+ int/i31_modpow2.c \
+ int/i31_montmul.c \
+ int/i31_muladd.c \
+ int/i31_ninv31.c \
+ int/i31_rshift.c \
+ int/i31_sub.c \
+ int/i31_tmont.c \
+ int/i32_div32.c \
+ int/i62_modpow2.c \
+
+SRCS+= \
+ rsa/rsa_default_pkcs1_vrfy.c \
+ rsa/rsa_i31_pkcs1_vrfy.c \
+ rsa/rsa_i31_pub.c \
+ rsa/rsa_i62_pkcs1_vrfy.c \
+ rsa/rsa_i62_pub.c \
+ rsa/rsa_pkcs1_sig_unpad.c \
+
+
+SRCS+= \
+ x509/asn1enc.c \
+ x509/x509_decoder.c \
+ x509/x509_minimal.c \
+
More information about the svn-src-all
mailing list